Menu

getting past untrusted HTTPS connections with selenium

A common problem many Selenium users run into is the untrusted connection warning.

This happens when an SSL certificate is unsigned, self-signed, or doesn’t match the domain name, a common scenario in test environments. In Firefox it used to be a popup modal dialog that needed dismissed by clicking “ok” or “so what” or something along those lines. More recent versions of Firefox (I have 3.5.8) bring up an intermediate page that says “This Connection is Untrusted” and looks like this:

What should you do?

Click “I Understand the Risks”

Click “Add Exception”

Click “Get Certificate”

Make sure “Permanently store this exception” is checked (it is by default)

Click “Confirm Security Exception”

There, now don’t you feel safer for all that clicking.

Earlier releases of Firefox 3.5 had a bug that it wouldn’t “permanently” store the SSL Certificate, and there was even a plugin created to fix that.

Well, that’s all fine a dandy, but unless you want to click through that manually every time you run tests in Selenium, you’ve got a problem. See, it’s not an actual page, which means there’s no DOM for javascript to access, so you can’t use selenium to click through it. And selenium starts fresh with a new profile every time.

But that’s only by default. You can tell Selenium to use an existing profile as a template by passing the -firefoxProfileTempate flag like this:

If you’ve already dismissed the dire warnings manually with your existing profile, now Selenium will sail right through. But only if you use Firefox. I’ll tell you how to get past this problem with IE, Opera, Chrome, and Safari another day.

But first, let’s create a custom profile that doesn’t have all the junk you’ve loaded into Firefox (like vimperator and firebug) to make it run a bit quicker and cleaner.

Close all your firefox windows down (don’t forget the quick launch if you have that)

Launch firefox from the command line with

firefox.exe -ProfileManager -no-remote

Click “Create Profile”

Click “Next” on the Create Profile Wizard” nonsense popup

Create a name for your new profile — I think “Selenium” is pretty descriptive

Click “Choose Folder”

Pick something easy to find — like “C:\selenium\firefox_profile”

Click Finish

Now click through and accept all the SSL certificates on the site you need to run Selenium tests on, repeating the process described above.

Finally, launch selenium-server and specify the profile you just created:

I don’t, since there’s no equivalent to a firefox profile template. It may be that manually accepting the certs in IE will work if your IE settings are the same when launched by selenium. You might need to mess with your security settings in IE as well. IEHTA might have other issues.

I am working on https:/ site and getting the following pop-up in IE versions and I am not able to run my script.
” This page is accessing information that is not under its control. This poses a security risk. Do you want to continue?”

Can you please elaborate the problem, I have done most of the settings for IE browser.

This sounds unrelated to the SSL certificate issue, and might be a cross-site scripting warning. I haven’t seen it before.

Or it could be a version of the “This page contains secure and unsecure items” message which is usually an indication that it’s accessing static content (images, js, css, etc.) that is not HTTPs.

“Do you want to view only the webpage content that was delivered securely? This webpage contains content that will not be delivered using a secure HTTPS connections. which could compromise the security of the entire webpage.”

A couple of command line options to starting selenium server you might try are:
-trustAllSSLCertificates
-proxyInjectionMode

Unfortunately, selenium can’t access dialogs like that in IE the way it can to dismiss javascript alerts, prompts, and confirmations. I’m not sure, but webdriver (and Selenium 2 — just released!) might be able to do that.

I implemented your workaround, but the selenium server cannot launch a browser anymore.
It works fine with the default profile (but reports Untrusted Connection).

Below is the exception.
Any ideas how I can solve this?

08:57:07.427 ERROR – Failed to start new browser session, shutdown browser and clear all session data
java.lang.ClassCastException: java.io.File cannot be cast to java.lang.String
at org.openqa.selenium.server.browserlaunchers.BrowserOptions.getFile(Br
owserOptions.java:123)
at org.openqa.selenium.server.browserlaunchers.FirefoxChromeLauncher.ini
tProfileTemplate(FirefoxChromeLauncher.java:164)
at org.openqa.selenium.server.browserlaunchers.FirefoxChromeLauncher.mak
eCustomProfile(FirefoxChromeLauncher.java:215)
at org.openqa.selenium.server.browserlaunchers.FirefoxChromeLauncher.lau
nch(FirefoxChromeLauncher.java:83)
at org.openqa.selenium.server.browserlaunchers.FirefoxChromeLauncher.lau
nchRemoteSession(FirefoxChromeLauncher.java:413)
at org.openqa.selenium.server.browserlaunchers.FirefoxLauncher.launchRem
oteSession(FirefoxLauncher.java:110)
at org.openqa.selenium.server.BrowserSessionFactory.createNewRemoteSessi
on(BrowserSessionFactory.java:373)
at org.openqa.selenium.server.BrowserSessionFactory.getNewBrowserSession
(BrowserSessionFactory.java:125)
at org.openqa.selenium.server.BrowserSessionFactory.getNewBrowserSession
(BrowserSessionFactory.java:87)
at org.openqa.selenium.server.SeleniumDriverResourceHandler.getNewBrowse
rSession(SeleniumDriverResourceHandler.java:786)
at org.openqa.selenium.server.SeleniumDriverResourceHandler.doCommand(Se
leniumDriverResourceHandler.java:423)
at org.openqa.selenium.server.SeleniumDriverResourceHandler.handleComman
dRequest(SeleniumDriverResourceHandler.java:394)
at org.openqa.selenium.server.SeleniumDriverResourceHandler.handle(Selen
iumDriverResourceHandler.java:147)
at org.openqa.jetty.http.HttpContext.handle(HttpContext.java:1530)
at org.openqa.jetty.http.HttpContext.handle(HttpContext.java:1482)
at org.openqa.jetty.http.HttpServer.service(HttpServer.java:909)
at org.openqa.jetty.http.HttpConnection.service(HttpConnection.java:820)

at org.openqa.jetty.http.HttpConnection.handleNext(HttpConnection.java:9
86)
at org.openqa.jetty.http.HttpConnection.handle(HttpConnection.java:837)
at org.openqa.jetty.http.SocketListener.handleConnection(SocketListener.
java:243)
at org.openqa.jetty.util.ThreadedServer.handle(ThreadedServer.java:357)
at org.openqa.jetty.util.ThreadPool$PoolThread.run(ThreadPool.java:534)
08:57:07.427 INFO – Got result: Failed to start new browser session: Error while
launching browser on session null

Can you give me some more details?
IE has a way to accept untrusted certificates, but be because there are not profiles, and Selenium doesn’t have the capability to select a profile, this solution won’t affect IE7. If you’re still having trouble after manually accepting the certificate in IE, running “*iehta”, and lowering your security level, let me know and I’ll investigate further.

Currently I am doing a POC using WebDrive to automate our web applicaiton. I have a situation here, during login I am getting Untrusted Connection popup thing. I googled/searched a lot but could not find a solution. I tried in Selenium using your approach and able to go through the page (Still getting a popup ‘Secure Connection Failed’ which I am cancelling manually). Do you have any solution for WebDrive?

I don’t have a solution in Webdriver, but Selenium 2 (beta released) uses webdriver under the hood.
It sounds to me like the “secure connection failed” may be a symptom of a network error where the browser fails to connect to the secure server.

Hope all is well in Fiji !! In the old days (before kids) we used to do some diving in cayman … our diving pals spent some time in Fiji – very beatiful we heard …

back to work :-)

I’m working with selenium WebDriver and trying to cure the SSL certificate issue. Your article demonstates how to create a custom firefix profile that is used with Firefox …

Now I am trying to implement the code below – You see below that it is requesting my ‘custom firefox profile name’ … This is java code that is part of my test case. I am working on Ubuntu … how do I create a custom firefox profile using firefox on ubuntu?

The bin is here
/usr/lib/firefox-3.6.23$/

Other question would be – what is ‘custom firefox profile name’ – would this be a folder name as it seems to be on windows ??

HI FIJI,
great suggestion by you, but my request i am working on Opera browser i am getting that SSL certificate error while launching the Browser through Selenium RC, could you please suggest me the way to get out of it.
your help is highly appreciated.